Project

General

Profile

Bug #1967

osmo-sim-auth: NoneType exception with AUTN generated from OP

Added by neels almost 3 years ago. Updated 17 days ago.

Status:
Rejected
Priority:
Normal
Assignee:
Target version:
-
Start date:
03/07/2017
Due date:
% Done:

50%

Spec Reference:

Description

Take a brand new sysmoUSIM and attempt a UMTS authentication using osmo-sim-auth and a card reader.
The USIM database has an OPC that works, but on our sysmoUSIM, there's actually an OP.
Using the OP and KI from the card, the result is an exception without sensible error message; transcript follows.

two issues:
a) does osmo-auc-gen produce proper AUTN from OP? If not, create a new issue and fix it.
b) osmo-sim-auth should reply with a useful error message.

History

#1 Updated by neels almost 3 years ago

transcript:

▶ ./sysmo-usim-tool.sjs1.py -a 94736127 -o
sysmoUSIM-SJS1 parameterization tool
Copyright (c)2017 Sysmocom s.f.m.c. GmbH

Initializing smartcard terminal...
 * Terminal: SCM Microsystems Inc. SCR 3310 [CCID Interface] 00 00
 * Protocol: 1

Reading OP/C value...
 * Initalizing...
 * Authenticating at card as administrator...
 * Reading...
 * Current OPc setting:
   OP: 0x0
   OP/OPc: $OP

Done!

▶ osmo-auc-gen -3 -a milenage -k 46F5C2A19D2CC186A971D5015D4CCDBF -O $OP
osmo-auc-gen (C) 2011-2012 by Harald Welte
This is FREE SOFTWARE with ABSOLUTELY NO WARRANTY

WARNING: We're using really weak random numbers!

RAND:    c204ba0b40a32653156bf463d7a5276a
AUTN:    49be6a6a168500006d59b40ab98709e8
[...]

▶ ./osmo-sim-auth.py -r c204ba0b40a32653156bf463d7a5276a -a 49be6a6a168500006d59b40ab98709e8
[+] UICC AID found:
found [AID 1] 3GPP || USIM || (255, 255) || (255, 255) || (137, 7, 9, 0, 0)
[+] USIM AID selection succeeded

Testing USIM card with IMSI 901700000014702

UMTS Authentication
Traceback (most recent call last):
  File "./osmo-sim-auth.py", line 114, in <module>
    handle_usim(options, rand_bin, autn_bin)
  File "./osmo-sim-auth.py", line 44, in handle_usim
    if len(ret) == 1:
TypeError: object of type 'NoneType' has no len()

Adding some aggressive debug output, I get:

▶ ./osmo-sim-auth.py -r c204ba0b40a32653156bf463d7a5276a -a 49be6a6a168500006d59b40ab98709e8
[+] UICC AID found:
found [AID 1] 3GPP || USIM || (255, 255) || (255, 255) || (137, 7, 9, 0, 0)
[+] USIM AID selection succeeded

Testing USIM card with IMSI 901700000014702

UMTS Authentication
Authenticating with '3G'
[+] authentication error: ['INTERNAL AUTHENTICATE apdu: 00 88 00 81 22 10 C2 04 BA 0B 40 A3 26 53 15 6B F4 63 D7 A5 27 6A 10 49 BE 6A 6A 16 85 00 00 6D 59 B4 0A B9 87 09 E8', 'sw1, sw2: 98 62 - undefined status', (152, 98), []]
ret = None
Traceback (most recent call last):
  File "./osmo-sim-auth.py", line 115, in <module>
    handle_usim(options, rand_bin, autn_bin)
  File "./osmo-sim-auth.py", line 45, in handle_usim
    if len(ret) == 1:
TypeError: object of type 'NoneType' has no len()

#2 Updated by laforge over 1 year ago

  • Assignee set to dexter
  • Priority changed from Normal to Low

#3 Updated by dexter about 1 year ago

The method authenticate() may return None in some error cases, this leads into the exception since we use len() to to check the return code further. I have added a check for that now:

https://gerrit.osmocom.org/#/c/osmo-sim-auth/+/12684 Check return code of u.authenticate()

I also get SW: 98 62, but I have difficulties to get smart out of this since I do not know whats the best way to verify the output of osmo-auc-gen.

#4 Updated by laforge about 2 months ago

  • Priority changed from Low to Normal
  • the ticket shouldn't be new/0% if thre's already a patch in review (and most likely merged) for 10 months.

I also get SW: 98 62, but I have difficulties to get smart out of this since I do not know whats the best way to verify the output of osmo-auc-gen.

I'm not sure what you mean by "how to verify the output of osmo-auc-gen". What do you mean exactly? Do you have doubts that the output of osmo-auc-gen might not be correct?

#5 Updated by dexter 19 days ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 50

I have tried it now with OP and OPc, in both cases it works. Here is the output of my card:

$ osmo-auc-gen -3 -a milenage -k FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -O FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
osmo-auc-gen (C) 2011-2012 by Harald Welte
This is FREE SOFTWARE with ABSOLUTELY NO WARRANTY

RAND:    f38b69944da57fa6b7f20f5de9f9b9db
AUTN:    3be4918719640000fc55166f4eb8c32e
IK:    e13d79c701e1a0b7fc02dd13a87663cb
CK:    b2f435e99b7d06ad08190ff6ba36a4be
RES:    9129fd749b5d7681
SRES:    0a748bf5
Kc:    a7d29ecb88dc616f
SQN:    32
IND:    0
$ ./osmo-sim-auth.py -r f38b69944da57fa6b7f20f5de9f9b9db -a 3be4918719640000fc55166f4eb8c32e
[+] UICC AID found:
found [AID 1] 3GPP || USIM || (255, 255) || (255, 255) || (137, 7, 9, 0, 0)
[+] USIM AID selection succeeded

Testing USIM card with IMSI 4100600000115151515

UMTS Authentication
AUTS:    db729b5eb6c901cc2303a4f00ac1

GSM Authentication
SRES:    37590885
Kc:    411a8e9038c28000

To me everything looks fine.

#6 Updated by laforge 17 days ago

  • Status changed from In Progress to Rejected

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)